chairman-daily-brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public, untrusted content—e.g., it calls the QVeris API from scripts/fetch_market_data.py and scripts/fetch_company_news.py (and directly scrapes public pages in scripts/fetch_sina_quote.py), SKILL.md lists public news and social media sources (X/Twitter, Xueqiu, Caidazi, THS, etc.), and that fetched news/social sentiment is fed into analyze_news_sentiment.py, risk_detection.py and generate_report.py to produce PR/investment recommendations, so third‑party content directly influences actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and calls the QVeris API at https://qveris.ai/api/v1 (e.g., /tools/execute) at runtime using the QVERIS_API_KEY, and those endpoints are used to discover and execute remote "tools" whose returned behavior/data can directly influence the agent's outputs or trigger remote execution, so this external URL is a runtime dependency that can control prompts/behavior.